Hosts: Sentry is in the hosts file.

@c-edw this has been discussed here: https://github.com/StevenBlack/hosts/commit/521777278a3a496c94dda6d363695714fce2f247#r30820677

there are also some comments here: https://github.com/lightswitch05/hosts/commit/78eba1c684e900845387f8e2cfdcbc770c266289#commitcomment-30290114

@lightswitch05 funny thing,not sure how long ago but they changed tactics.Can't recall where i found it but they started executing java scripts from a different domains.I had to block the script trough my adblocker as from what i can recall the domain(s) were generic.

Daniel @lightswitch05 can you please remove the sentry.io from your list? I am very queasy about bloking root domains as you know.

Hey @StevenBlack I definitely understand, and as I demonstrated in #876 I'm happy to remove root domains when its just side affect of the domain expansion system I have.

Unfortunately in this case, the root sentry.io is the domain being reported to.

Example Request: POST https://sentry.io/api/[removed]/security/?sentry_key=[removed]&sentry_environment=production

In https://github.com/StevenBlack/hosts/commit/521777278a3a496c94dda6d363695714fce2f247#r30820781 I explained that I would be happy to remove this block if they wanted to update the host name they use for reporting in the libraries

The purpose of Sentry is not to collect data. It's nothing ominous. It's a tool for developers to keep track of client-side errors in production.

@c-edw I layout why I blocked them in both of those links that i provided above. Perhaps you didn't read them. Obviously linking to multiple conversations isn't very effective. Also, a couple of the conversations happened on commits instead of tickets, so they are especially hard to find. I created a new ticket in my repo for tracking this https://github.com/lightswitch05/hosts/issues/58 - feel free to read and comment there. Please close this ticket.

I have skimmed a past issue but I can't see a good reason to block this domain. You can't expect Sentry to move their API endpoints specifically so you can block that particular subdomain. AFAIK the purpose of these hosts files is to block genuine malware and adware whilst leaving general browsing unimpacted. Perhaps there is a genuine reason to block this, but it comes at the cost of not being able to even visit Sentry's website.

Thank you for discussing this.

Connor @c-edw you have it mostly right. And FWIW I mostly agree.

However this is also about user privacy, specifically freedom from being tracked. I think Sentry is a good company but, as Daniel explained, they are using their root domain for things some consider dodgy.

Sentry is a developer's aid. The end-user installs an app or visits a site, and Sentry kinda tags along, unseen and unknown by the end user. It's unfortunate that sentry uses its root domain as API endpoint. That was a design decision made at some point in the past. It's hard for them to change that, agreed, but we have to draw the line somewhere.

For the record, I disagree that changing the API endpoint is a major change. A simple api.sentry.io CNAME record pointing at sentry.io with a gradual rollout to various libraries would do the trick while staying backwards compatible. Maybe a couple extra header changes and a new SSL cert.

Daniel @lightswitch05 I have software in the wild. I can categorically confirm: changing an API endpoint is non-trivial, or impossible, depending.

It may be technically easy, as you show, but add some legacy userland, and it's going to be much tougher. It may not be possible to fix.

Please remove sentry.io from the list of domains we publish here.

@StevenBlack I hope you realize that we lost a good contributor because you are more willing to accommodate for the bad design choices of a questionable company than for providing what your project is promising: Protection from tracking.

I was there when all it took to convince you to remove sentry.io from the list was a half assed "Pretty please. I promise we are nice." by their CEO. While at the same time said CEO is bragging in his own repo how they are successfully social engineering privacy tools maintainer like you into removing them from their blacklists. He said himself that they are tracking everything that other trackers do but of course it's only for a good cause since it is so useful to developers. Right?

I'm able to block sentry myself but I'm sad for all the people who blindly trust your judgement and I'm afraid of all the stuff you probably causally remove from the block list, that isn't publicly discussed.

Companies like sentry use their root domains on purpose and you are enabling their tactics by buying into their BS arguments. They make good money and have to suck it up and fix their "design choices" if they are truly not interested in tracking people against their will. (Which they must do anyways according to GDPR but blissfully ignore.) You should not cater to their questionable needs.

Your project was great and I'm thankful for what you did in the past and provided to the community free of charge. However I hope someone else with more integrity than you will soon pick up the ball that you dropped a couple of months ago.

Knock it off, you guys. Seriously.

What none of you see is the emails I get on a daily basis from people who petition me directly with questions. All of them, with almost no exception, are the result of the purely mechanical curation of @lightswitch05's list.

I develop in React, and React-Native now. Sentry is an increasingly integrated piece in this space. I've never felt comfortable blocking Sentry root domain. I don't want to block sentry.io anymore, primarily because it's looking increasingly like I'll need it, and I can't even read the docs because of my own hosts file.

I hear everybody. Please don't lecture me about "a questionable company", and @DPTJKKVH, fuck you for attributing motive. Go fuck yourself. My name is Steve Black. What's yours?

This isn't something to get so emotional over. It's just a hosts file.

@lightswitch05 As Steven was saying, we can't know how difficult it would be for them to move their API to a subdomain because we don't work at Sentry. There could be legitimate reasons they haven't done it already.

@DPTJKKVH Can you provide some proof of these claims?

@StevenBlack Thank you for taking a reasonable stance on this.

@StevenBlack Where did I suggest that you secretly pursue something evil? I only called you gullible to the bs arguments sentry is using for their tracking. However you provided the reason for your biased stance on sentry yourself: You are using their service.

So I withdraw my statement that you are gullible but now I question your reasoning.

It is no problem at all that you are using sentry yourself but why on earth don't you just simply create an entry in your personal whitelist file instead of exposing everyone to Sentries tracking? It would only make sense if you in fact want others to provide useful information to your own software projects via sentry. I don't say those are your motivations but it's the only theory I can think of.

So why do you expose everyone instead of only yourself to sentry?

@StevenBlack from this: https://github.com/StevenBlack/hosts/issues/568#issuecomment-381770752 to this over here. It is no problem at all to use a product at a later time. But your transparency written at #568 is hard to find. @StevenBlack Sells Out?

Perhaps a free Sentry subscription has helped. I do not know. I do not care.
Fact to the matter is this.

I can not and will not contribute in view of these circumstances.
Therefore the request for the removal of my contribution: https://github.com/StevenBlack/hosts/pull/883.

@StevenBlack I believe that you are a good person.
It remains to be said that although my contribution was minimal. My ride has ended right now.

Thanks.